But based on your comment that it should work to use the built-in schemas, I did a little more testing, and I think the problem is related to the MS-AD-BIS schema that was added in 9.1. In my experience, it cannot be used directly. Below is an example with:

- direct use of the MS-AD-BIS schema (doesn't work)

- use of an unmodified copy of the MS-AD-BIS schema (works)

- direct use of another built-in schema, AD-IDMU (also works)

This is on 9.1P8.

cluster::*> ldap delete -vserver nfscorpprd01

Warning: "LDAP" is present as one of the sources in one or more ns-switch
         databases but no valid LDAP configuration was found for Vserver
         "nfscorpprd01". Remove "LDAP" from ns-switch using the "vserver
         services name-service ns-switch" command. Configuring "LDAP" as a
         source in the ns-switch setting when there is no valid configuration
         can cause protocol access issues.
         
cluster::*> ldap client create -client-config DOESNTWORK -vserver nfscorpprd01 -ad-domain prod.justacompany.be -schema MS-AD-BIS -bind-as-cifs-server true -min-bind-level simple -base-dn "DC=prod,DC=justacompany,DC=be"

cluster::*> ldap create -vserver nfscorpprd01 -client-config DOESNTWORK

cluster::*> diag secd name-mapping show -node cluster-01 -vserver nfscorpprd01 -direction win-unix prod\johndoe

ATTENTION: Mapping of Data ONTAP "admin" users to UNIX user "root" is enabled, but the following information does not reflect this mapping.

'prod\johndoe' maps to 'pcuser'

=====

cluster::*> ldap client schema copy -schema MS-AD-BIS -new-schema-name COPY-OF-MS-AD-BIS -vserver nfscorpprd01

cluster::*> ldap client create -client-config WORKS -vserver nfscorpprd01 -ad-domain prod.justacompany.be -schema COPY-OF-MS-AD-BIS -bind-as-cifs-server true -min-bind-level simple -base-dn "DC=prod,DC=justacompany,DC=be"

cluster::*> ldap delete -vserver nfscorpprd01

Warning: "LDAP" is present as one of the sources in one or more ns-switch
         databases but no valid LDAP configuration was found for Vserver
         "nfscorpprd01". Remove "LDAP" from ns-switch using the "vserver
         services name-service ns-switch" command. Configuring "LDAP" as a
         source in the ns-switch setting when there is no valid configuration
         can cause protocol access issues.

cluster::*> ldap create -vserver nfscorpprd01 -client-config WORKS

cluster::*> diag secd name-mapping show -node cluster-01 -vserver nfscorpprd01 -direction win-unix prod\johndoe

ATTENTION: Mapping of Data ONTAP "admin" users to UNIX user "root" is enabled, but the following information does not reflect this mapping.

'prod\johndoe' maps to 'johndoe'

=====

cluster::*> ldap client create -client-config ALSOWORKS -vserver nfscorpprd01 -ad-domain prod.justacompany.be -schema AD-IDMU -bind-as-cifs-server true -min-bind-level simple -base-dn "DC=prod,DC=justacompany,DC=be"

cluster::*> ldap delete -vserver nfscorpprd01

Warning: "LDAP" is present as one of the sources in one or more ns-switch
         databases but no valid LDAP configuration was found for Vserver
         "nfscorpprd01". Remove "LDAP" from ns-switch using the "vserver
         services name-service ns-switch" command. Configuring "LDAP" as a
         source in the ns-switch setting when there is no valid configuration
         can cause protocol access issues.

cluster::*> ldap create -vserver nfscorpprd01 -client-config ALSOWORKS

cluster::*> diag secd name-mapping show -node cluster-01 -vserver nfscorpprd01 -direction win-unix prod\johndoe

ATTENTION: Mapping of Data ONTAP "admin" users to UNIX user "root" is enabled, but the following information does not reflect this mapping.

'prod\johndoe' maps to 'johndoe'